Date: Tue, 05 Feb 2008 07:01:16 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Chuck Swiger <cswiger@mac.com> Cc: Tuan Ho <taho89@hotmail.com>, freebsd-questions@freebsd.org Subject: Re: Help on freeBSD 4.10 Message-ID: <47A809BC.2000608@infracaninophile.co.uk> In-Reply-To: <4E314437-2B3E-4FC1-9825-5E08DA278635@mac.com> References: <BAY104-W2950C28F322C2E997A2E98DC330@phx.gbl> <4E314437-2B3E-4FC1-9825-5E08DA278635@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Swiger wrote: > On Feb 4, 2008, at 2:31 PM, Tuan Ho wrote: >> 1/ >> As an administrator, how can i disable an account after three >> consecutive unsuccessful login attempts? > > As root, you could run: > > chsh -s /usr/sbin/nologin _user_ Um... I don't think that's quite what the OP meant. He wants to automatically lock out anyone that fails 3 times to supply the right password. See login.conf(5), particularly these entries: login-backoff number 3 The number of login attempts allowed before the backoff delay is inserted after each subsequent attempt. The backoff delay is the number of tries above login-backoff multiplied by 5 seconds. login-retries number 10 The number of login attempts allowed before the login fails. Note that this applies only to the login(1) program and so applies to textmode logins directly on the console. Other applications like xdm(1) have different controls, as do applications that provide remote access like ssh(1). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47A809BC.2000608>